Architecture reference models for early safety analysis

In 2001, Lui Sha published a paper entitled “Using Simplicity to Control Complexity.” It describes an architecture that switches between a high-assurance-control subsystem and a high-performance-control subsystem. But his solution is much bigger and can be more widely applied; the Simplex architecture is a solution-creating technique for combining two algorithms such that a system retains the safety of the first while gaining the features of the second. Using this architecture has been difficult because it has not been clear what kinds of problems the Simplex architecture solves; neither has it been clear in what ways developers can describe Simplex to conduct an early analysis of their own Simplex-based designs. Simply put, my work is as much about Simplex as it is about describing Simplex architectures. This dissertation provides a collection of precise, logical descriptions of the Simplex architecture in four different modeling paradigms. I also describe my implementation of a Simplex architecture in a distributed control environment.